tag:blogger.com,1999:blog-3615332969083650973.post5642048812958066361..comments2024-03-18T21:47:09.885-04:00Comments on sysadvent: Day 16 - SSH keys shared with FUSEJordan Sisselhttp://www.blogger.com/profile/13694925032675599790noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-3615332969083650973.post-42398627243637860042012-12-22T17:41:56.380-05:002012-12-22T17:41:56.380-05:00Great article. One recommendation... don't rel...Great article. One recommendation... don't rely on strncpy. it does not always nul terminate strings. there are safer alternatives.Ron Perrellahttps://www.blogger.com/profile/14742014696092747403noreply@blogger.comtag:blogger.com,1999:blog-3615332969083650973.post-37963469455538155652012-12-17T15:50:12.638-05:002012-12-17T15:50:12.638-05:00on rhel/centos the package openssh-ldap to the res...on rhel/centos the package openssh-ldap to the rescue,<br />as describe in the following link:<br />http://itsecureadmin.com/2012/09/ssh-public-key-authentication-via-openldap-on-rhelcentos-6-x/<br /><br />Regards<br />Mikebmx0rhttps://www.blogger.com/profile/13452536163538117589noreply@blogger.comtag:blogger.com,1999:blog-3615332969083650973.post-69354636647754831142012-12-17T05:56:21.284-05:002012-12-17T05:56:21.284-05:00Hi,
great post and C truly deserves more attentio...Hi,<br /><br />great post and C truly deserves more attention.<br /><br />We solved this problem in a completely different way by using SSH host-based authentication. We have jump hosts from which you can SSH into all other systems without a password because the jump hosts are "trusted". Obviously the jump hosts are not reachable from everywhere and well protected.<br /><br />Downside is of course that with this we cannot easily restrict users to logon only to certain hosts. So we just use pam and groups for that purpose instead.<br /><br />SSH host-based authentication just provides the authentication, and pam restrictions provide the authorization part.<br /><br />Kind Regards,<br />SchlomoSchlomohttps://www.blogger.com/profile/02396516711226876546noreply@blogger.com